a month ago
Hello Railway Team,
I'm writing regarding a privacy issue with your Discord server.
I recently discovered that a deployment log file I posted in your Discord help channel was automatically indexed and stored by Answer Overflow, a third-party service. I could not find a way to message railway directly.
I deleted my original Discord message, but the cached copy remains on Answer Overflow's servers. I was not aware that messages posted in your Discord would be indexed by a third party and made publicly searchable.
My requests:
Can you assist in facilitating the removal of this file with Answer Overflow, as they have not responded to my deletion request?
Do you have a direct contact at Answer Overflow given your partnership?
I would suggest adding a visible warning in your Discord server informing users that their messages may be publicly indexed. This would help prevent similar situations for other users sharing sensitive deployment information.
I appreciate Railway as a service and understand the value of searchable support content, but users should be clearly informed before posting sensitive data.
Thank you for your help
8 Replies
a month ago
We cannot help, sorry, you will need to wait for a response from them.
We do not have any partnership with them.
The Discord server itself and all content within are publicly accessible on the internet.
Status changed to Awaiting User Response Railway • about 1 month ago
Status changed to Awaiting Railway Response Railway • about 1 month ago
Status changed to Awaiting User Response Railway • about 1 month ago
a month ago
So why do you say then that you have nothing to do with this issue? Why did you give them permission? Please contact them to erease my database
Status changed to Awaiting Railway Response Railway • about 1 month ago
a month ago
We enabled Answer Overflow to index our public Discord to help users find answers, but we don't have a direct contact there for individual removal requests. You'll need to continue pursuing removal through Answer Overflow's official channels. Since the Discord is public, any content shared there can be accessed and cached by third parties. We've noted your suggestion about adding a warning for users posting in help channels.
Status changed to Awaiting User Response Railway • about 1 month ago
angelo-railway
We enabled Answer Overflow to index our public Discord to help users find answers, but we don't have a direct contact there for individual removal requests. You'll need to continue pursuing removal through Answer Overflow's official channels. Since the Discord is public, any content shared there can be accessed and cached by third parties. We've noted your suggestion about adding a warning for users posting in help channels.
a month ago
Thank you for the clarification, but I need to push back on several points:
1. "We don't have a direct contact there"
You granted Answer Overflow permission to index your server. This implies some form of agreement or communication occurred. Even if informal, you enabled their bot and configured indexing settings. Please reach out through whatever channel you used to establish that arrangement.
2. "The Discord is public, so content can be cached by third parties"
There's a significant difference between:
A public Discord server (viewable by members who join)
Content being actively scraped, stored on external S3 buckets, and indexed on Google
You made an active decision to enable Answer Overflow. That's not passive "third-party caching" - that's a partnership, regardless of whether you call it one.
3. "You'll need to continue pursuing removal through Answer Overflow's official channels"
I have. They haven't responded. You enabled this service on your server - you bear some responsibility for the consequences.
4. "We've noted your suggestion"
A suggestion? Do you understand what this database leak can cause to my company? Exposed deployment logs can contain environment variables, API keys, internal configurations, and server paths. This isn't a minor inconvenience - it's a security incident that you enabled.
You never informed users that messages are being scraped and publicly indexed by a third party. When I posted in your help channel, I was under the reasonable belief that I was communicating with Railway support within a Discord server - not broadcasting sensitive deployment data to Google and the open internet.
There was no warning. No consent prompt. No indication whatsoever that sharing logs for troubleshooting would result in permanent public exposure on a third-party platform.
My requests remain:
Contact Answer Overflow directly on my behalf requesting immediate deletion of this file. You have leverage as the server that granted them access - use it.
Disable Answer Overflow indexing for help channels where users share sensitive deployment data, or at minimum add a clearly visible warning before users post.
Acknowledge responsibility. You enabled this. The least you can do is help fix it.
I'm not asking Railway to solve everything - I'm asking for reasonable assistance given that Railway made the decision to enable this indexing without informing your users.
Thank you, Barnaby
Status changed to Awaiting Railway Response Railway • about 1 month ago
a month ago
We removed Answer Overflow from our Discord server in favor of our native bridge, which provides similar functionality by allowing search engines to index public threads. We no longer have any communication channels with its developer. You will need to continue pursuing removal through Answer Overflow's official channels.
I'm sorry, but we're unable to provide further assistance.
Status changed to Awaiting User Response Railway • about 1 month ago
a month ago
Let me make sure I understand correctly:
You enabled Answer Overflow to scrape user data from your Discord server
My sensitive deployment logs were captured during that period
You have since removed Answer Overflow - but replaced it with your own tool that does the same thing
You now claim you "can't help" because you no longer communicate with the developer you originally authorized
The data was scraped while YOU had Answer Overflow enabled. The fact that you've since removed them doesn't erase your responsibility for data captured during that period.
This is not a case of some random third party scraping public content. You explicitly granted access. You enabled the indexing. You benefited from the SEO. And now that a user is facing real consequences, you're pointing fingers elsewhere.
To be clear about what's at stake: exposed deployment logs can contain API keys, database credentials, environment variables, and internal server configurations. This is a potential security breach for my company - not a minor inconvenience.
At minimum, I expected Railway to:
Send a single message to Answer Overflow's developer (who you previously worked with) requesting deletion
Take any responsibility whatsoever for a decision you made
Instead, you've closed ranks and told me to figure it out myself.
I'll be escalating this through GDPR channels and sharing this experience publicly so other users know that anything they post in Railway's Discord - including sensitive troubleshooting data - may be permanently indexed on third-party servers without warning or consent.
Disappointed
Status changed to Awaiting Railway Response Railway • about 1 month ago
Status changed to Closed brody • about 1 month ago